Industrial control systems (ICS) follow a layered network architecture based on Purdue model—L1 to L5 network levels/security layers. Typically, there is no domain trust between levels. For example, L4 security layer will have a domain controller that is not trusted by L3 security layer domain controller and vice versa. Based on these security layers separations, a user at the L4 security layer is not trusted (not identifiable) at the L3 security layer and vice versa. In ICS systems, users are typically not permitted to cross layers.